Skip to content

fix: failsafe on gcp & gsuite #1513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Apr 3, 2025
Merged

fix: failsafe on gcp & gsuite #1513

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
6e5e829
fix: gcp stack trace when no credential provided
jychp Apr 3, 2025
7508ee1
fix: gcp uncatch error when config file is undefined
jychp Apr 3, 2025
fb9215f
mypy fix
jychp Apr 3, 2025
f198708
fix bad condition
jychp Apr 3, 2025
f2c898c
fix typo
jychp Apr 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions cartography/intel/gcp/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
from collections import namedtuple
from typing import Dict
from typing import List
from typing import Optional
from typing import Set

import googleapiclient.discovery
Expand Down Expand Up @@ -328,7 +329,7 @@ def _sync_multiple_projects(


@timeit
def get_gcp_credentials() -> GoogleCredentials:
def get_gcp_credentials() -> Optional[GoogleCredentials]:
"""
Gets access tokens for GCP API access.
:param: None
Expand All @@ -338,6 +339,7 @@ def get_gcp_credentials() -> GoogleCredentials:
# Explicitly use Application Default Credentials.
# See https://google-auth.readthedocs.io/en/master/user-guide.html#application-default-credentials
credentials, project_id = default()
return credentials
except DefaultCredentialsError as e:
logger.debug("Error occurred calling GoogleCredentials.get_application_default().", exc_info=True)
logger.error(
Expand All @@ -349,7 +351,7 @@ def get_gcp_credentials() -> GoogleCredentials:
),
e,
)
return credentials
return None


@timeit
Expand All @@ -367,6 +369,9 @@ def start_gcp_ingestion(neo4j_session: neo4j.Session, config: Config) -> None:
}

credentials = get_gcp_credentials()
if credentials is None:
logger.warning("Unable to initialize GCP credentials. Skipping module.")
return

resources = _initialize_resources(credentials)

Expand Down
8 changes: 8 additions & 0 deletions cartography/intel/gsuite/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,14 @@ def start_gsuite_ingestion(neo4j_session: neo4j.Session, config: Config) -> None

creds: OAuth2Credentials | ServiceAccountCredentials
if config.gsuite_auth_method == 'delegated': # Legacy delegated method
if config.gsuite_config is None or not os.path.isfile(config.gsuite_config):
logger.warning(
(
"The GSuite config file is not set or is not a valid file."
"Skipping GSuite ingestion."
),
)
return
logger.info('Attempting to authenticate to GSuite using legacy delegated method')
try:
creds = service_account.Credentials.from_service_account_file(
Expand Down